Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/3231332e3133392e38362e302f32342d3234203d3e2039303039.roa
File:                     3231332e3133392e38362e302f32342d3234203d3e2039303039.roa (raw, json)
Hash identifier:          FfLZiCS8Nd3284OE5qfthGu+7ch+27qC/k5QS2NyeLA=
Subject key identifier:   C6:AC:4F:AB:8D:4E:79:41:E9:E2:08:64:1B:97:51:86:50:F2:11:4D
Certificate issuer:       /CN=b683f2eb50c5999a77456e8826831609d48c7d3e
Certificate serial:       35DE1599FF0243BD948C5A352375D5A19B7C0D8D
Authority key identifier: B6:83:F2:EB:50:C5:99:9A:77:45:6E:88:26:83:16:09:D4:8C:7D:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/toPy61DFmZp3RW6IJoMWCdSMfT4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/3231332e3133392e38362e302f32342d3234203d3e2039303039.roa
Signing time:             Mon 21 Apr 2025 10:54:03 +0000
ROA not before:           Mon 21 Apr 2025 10:49:03 +0000
ROA not after:            Mon 20 Apr 2026 10:54:03 +0000
asID:                     9009
IP address blocks:        213.139.86.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/B683F2EB50C5999A77456E8826831609D48C7D3E.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/B683F2EB50C5999A77456E8826831609D48C7D3E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/toPy61DFmZp3RW6IJoMWCdSMfT4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Jun 2025 23:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            35:de:15:99:ff:02:43:bd:94:8c:5a:35:23:75:d5:a1:9b:7c:0d:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b683f2eb50c5999a77456e8826831609d48c7d3e
        Validity
            Not Before: Apr 21 10:49:03 2025 GMT
            Not After : Apr 20 10:54:03 2026 GMT
        Subject: CN=C6AC4FAB8D4E7941E9E208641B97518650F2114D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:ef:d3:53:86:c7:7b:a0:9c:0c:7c:a9:35:b2:
                    7f:6b:16:a9:00:b3:0e:74:0b:1d:9d:e4:7c:c1:53:
                    d4:50:b3:67:7f:1a:e1:91:b7:59:8b:ad:71:ac:51:
                    98:1d:4e:e6:ff:d7:74:7c:6a:5f:4d:06:9d:d2:45:
                    5b:e6:c3:92:f3:80:5d:42:98:e2:af:3e:d7:8a:63:
                    e9:3e:62:3e:71:f8:9b:02:c8:43:a2:a8:ea:ec:e5:
                    41:76:25:64:10:f7:25:87:21:55:29:a1:74:fd:2e:
                    48:e9:ec:95:4f:4e:5a:88:bd:5a:28:e3:8f:a8:6f:
                    44:fd:35:f7:1c:d8:0a:0c:8c:52:00:ca:eb:75:5d:
                    25:b6:16:3b:3d:4a:d4:7b:f9:4f:e3:8d:a7:81:1b:
                    fb:4f:d9:f5:29:4a:8e:e9:60:c5:0e:f2:63:3b:8c:
                    45:21:b3:8d:ba:9c:e2:ef:f1:8f:f6:2d:53:19:6c:
                    cd:2b:de:5a:43:fa:63:c2:ed:59:2a:a0:26:28:af:
                    1f:db:ab:ad:ee:9a:ba:ab:5f:d5:cd:3e:2b:3b:d1:
                    bb:eb:b0:97:a5:3b:7d:c1:9d:f5:df:78:46:32:74:
                    3f:c0:50:4e:c1:9c:69:5e:4c:75:20:ee:14:64:46:
                    36:b2:1c:7a:d5:71:d9:36:24:4f:b9:83:36:af:bd:
                    3d:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:AC:4F:AB:8D:4E:79:41:E9:E2:08:64:1B:97:51:86:50:F2:11:4D
            X509v3 Authority Key Identifier:
                keyid:B6:83:F2:EB:50:C5:99:9A:77:45:6E:88:26:83:16:09:D4:8C:7D:3E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/B683F2EB50C5999A77456E8826831609D48C7D3E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/toPy61DFmZp3RW6IJoMWCdSMfT4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/3231332e3133392e38362e302f32342d3234203d3e2039303039.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.139.86.0/24

    Signature Algorithm: sha256WithRSAEncryption
         17:af:44:ed:30:99:6d:10:8c:67:4f:28:69:78:e9:b8:bf:bc:
         67:dd:55:57:15:58:9e:36:77:2b:e6:03:69:ef:61:35:fc:13:
         9e:88:ef:2b:a3:e4:d3:4f:75:fe:65:76:49:ea:ab:18:fb:03:
         17:64:14:bd:93:42:8c:75:7f:d2:8c:ec:3a:7a:da:0a:79:31:
         06:19:e7:1e:31:7d:1f:65:46:8a:1b:02:ac:1d:8a:c4:dd:7a:
         80:29:05:d5:0f:c8:6b:4c:82:06:f0:ba:ac:23:cd:06:9a:33:
         7d:a5:4d:b1:13:74:0e:f2:5b:3b:d0:69:f4:bb:56:76:cf:23:
         38:16:c6:81:08:ea:d4:53:93:8e:36:ce:52:0b:60:63:ae:43:
         8f:d0:4b:17:b6:60:59:99:22:ec:87:37:5f:14:f7:92:3f:af:
         97:82:c1:a0:48:24:3d:8f:b5:3f:36:b0:66:e7:48:59:6a:b8:
         f4:57:90:cc:25:3e:16:95:df:b9:09:91:5a:be:42:11:a6:fc:
         dd:7e:ab:13:99:06:88:cd:6c:c7:d1:15:ae:55:f7:8d:43:57:
         2e:58:bd:04:e3:7a:58:fd:7e:4b:72:9b:78:8c:f0:c2:80:76:
         4c:94:d9:4c:a7:64:20:8f:67:27:28:a5:67:23:f6:f7:aa:09:
         9d:40:75:c4
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUNd4Vmf8CQ72UjFo1I3XVoZt8DY0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYjY4M2YyZWI1MGM1OTk5YTc3NDU2ZTg4MjY4MzE2MDlk
NDhjN2QzZTAeFw0yNTA0MjExMDQ5MDNaFw0yNjA0MjAxMDU0MDNaMDMxMTAvBgNV
BAMTKEM2QUM0RkFCOEQ0RTc5NDFFOUUyMDg2NDFCOTc1MTg2NTBGMjExNEQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCg79NThsd7oJwMfKk1sn9rFqkA
sw50Cx2d5HzBU9RQs2d/GuGRt1mLrXGsUZgdTub/13R8al9NBp3SRVvmw5LzgF1C
mOKvPteKY+k+Yj5x+JsCyEOiqOrs5UF2JWQQ9yWHIVUpoXT9Lkjp7JVPTlqIvVoo
44+ob0T9Nfcc2AoMjFIAyut1XSW2Fjs9StR7+U/jjaeBG/tP2fUpSo7pYMUO8mM7
jEUhs426nOLv8Y/2LVMZbM0r3lpD+mPC7VkqoCYorx/bq63umrqrX9XNPis70bvr
sJelO33BnfXfeEYydD/AUE7BnGleTHUg7hRkRjayHHrVcdk2JE+5gzavvT3NAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUxqxPq41OeUHp4ghkG5dRhlDyEU0wHwYDVR0j
BBgwFoAUtoPy61DFmZp3RW6IJoMWCdSMfT4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTAxYzE0ZmItYjY2MC00ODlkLTllOWYtOTQwMmU5ZTJj
MmUyLzAvQjY4M0YyRUI1MEM1OTk5QTc3NDU2RTg4MjY4MzE2MDlENDhDN0QzRS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3RvUHk2MURGbVpwM1JXNklKb01XQ2RT
TWZUNC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYTAxYzE0ZmIt
YjY2MC00ODlkLTllOWYtOTQwMmU5ZTJjMmUyLzAvMzIzMTMzMmUzMTMzMzkyZTM4
MzYyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzOTMwMzAzOS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEANWL
VjANBgkqhkiG9w0BAQsFAAOCAQEAF69E7TCZbRCMZ08oaXjpuL+8Z91VVxVYnjZ3
K+YDae9hNfwTnojvK6Pk0091/mV2SeqrGPsDF2QUvZNCjHV/0ozsOnraCnkxBhnn
HjF9H2VGihsCrB2KxN16gCkF1Q/Ia0yCBvC6rCPNBpozfaVNsRN0DvJbO9Bp9LtW
ds8jOBbGgQjq1FOTjjbOUgtgY65Dj9BLF7ZgWZki7Ic3XxT3kj+vl4LBoEgkPY+1
PzawZudIWWq49FeQzCU+FpXfuQmRWr5CEab83X6rE5kGiM1sx9EVrlX3jUNXLli9
BON6WP1+S3KbeIzwwoB2TJTZTKdkII9nJyilZyP296oJnUB1xA==
-----END CERTIFICATE-----